| [ Index ] |
|
Code source de PHProxy 0.5b2 |
1 <?php 2 3 /* 4 +-----------------+------------------------------------------------------------+ 5 | Script | PHProxy | 6 | Author | Abdullah Arif | 7 | Last Modified | 5:27 PM 1/20/2007 | 8 +-----------------+------------------------------------------------------------+ 9 | This program is free software; you can redistribute it and/or | 10 | modify it under the terms of the GNU General Public License | 11 | as published by the Free Software Foundation; either version 2 | 12 | of the License, or (at your option) any later version. | 13 | | 14 | This program is distributed in the hope that it will be useful, | 15 | but WITHOUT ANY WARRANTY; without even the implied warranty of | 16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | 17 | GNU General Public License for more details. | 18 | | 19 | You should have received a copy of the GNU General Public License | 20 | along with this program; if not, write to the Free Software | 21 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | 22 +------------------------------------------------------------------------------+ 23 */ 24 25 error_reporting(E_ALL); 26 27 // 28 // CONFIGURABLE OPTIONS 29 // 30 31 $_config = array 32 ( 33 'url_var_name' => 'q', 34 'flags_var_name' => 'hl', 35 'get_form_name' => '____pgfa', 36 'basic_auth_var_name' => '____pbavn', 37 'max_file_size' => -1, 38 'allow_hotlinking' => 0, 39 'upon_hotlink' => 1, 40 'compress_output' => 0 41 ); 42 $_flags = array 43 ( 44 'include_form' => 1, 45 'remove_scripts' => 1, 46 'accept_cookies' => 1, 47 'show_images' => 1, 48 'show_referer' => 1, 49 'rotate13' => 0, 50 'base64_encode' => 1, 51 'strip_meta' => 1, 52 'strip_title' => 0, 53 'session_cookies' => 1 54 ); 55 $_frozen_flags = array 56 ( 57 'include_form' => 0, 58 'remove_scripts' => 0, 59 'accept_cookies' => 0, 60 'show_images' => 0, 61 'show_referer' => 0, 62 'rotate13' => 0, 63 'base64_encode' => 0, 64 'strip_meta' => 0, 65 'strip_title' => 0, 66 'session_cookies' => 0 67 ); 68 $_labels = array 69 ( 70 'include_form' => array('Include Form', 'Include mini URL-form on every page'), 71 'remove_scripts' => array('Remove Scripts', 'Remove client-side scripting (i.e JavaScript)'), 72 'accept_cookies' => array('Accept Cookies', 'Allow cookies to be stored'), 73 'show_images' => array('Show Images', 'Show images on browsed pages'), 74 'show_referer' => array('Show Referer', 'Show actual referring Website'), 75 'rotate13' => array('Rotate13', 'Use ROT13 encoding on the address'), 76 'base64_encode' => array('Base64', 'Use base64 encodng on the address'), 77 'strip_meta' => array('Strip Meta', 'Strip meta information tags from pages'), 78 'strip_title' => array('Strip Title', 'Strip page title'), 79 'session_cookies' => array('Session Cookies', 'Store cookies for this session only') 80 ); 81 82 $_hosts = array 83 ( 84 '#^127\.|192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[01])\.|localhost#i' 85 ); 86 $_hotlink_domains = array(); 87 $_insert = array(); 88 89 // 90 // END CONFIGURABLE OPTIONS. The ride for you ends here. Close the file. 91 // 92 93 $_iflags = ''; 94 $_system = array 95 ( 96 'ssl' => extension_loaded('openssl') && version_compare(PHP_VERSION, '4.3.0', '>='), 97 'uploads' => ini_get('file_uploads'), 98 'gzip' => extension_loaded('zlib') && !ini_get('zlib.output_compression'), 99 'stripslashes' => get_magic_quotes_gpc() 100 ); 101 $_proxify = array('text/html' => 1, 'application/xml+xhtml' => 1, 'application/xhtml+xml' => 1, 'text/css' => 1); 102 $_version = '0.5b2'; 103 $_http_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : 'localhost'); 104 $_script_url = 'http' . ((isset($_ENV['HTTPS']) && $_ENV['HTTPS'] == 'on') || $_SERVER['SERVER_PORT'] == 443 ? 's' : '') . '://' . $_http_host . ($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443 ? ':' . $_SERVER['SERVER_PORT'] : '') . $_SERVER['PHP_SELF']; 105 $_script_base = substr($_script_url, 0, strrpos($_script_url, '/')+1); 106 $_url = ''; 107 $_url_parts = array(); 108 $_base = array(); 109 $_socket = null; 110 $_request_method = $_SERVER['REQUEST_METHOD']; 111 $_request_headers = ''; 112 $_cookie = ''; 113 $_post_body = ''; 114 $_response_headers = array(); 115 $_response_keys = array(); 116 $_http_version = ''; 117 $_response_code = 0; 118 $_content_type = 'text/html'; 119 $_content_length = false; 120 $_content_disp = ''; 121 $_set_cookie = array(); 122 $_retry = false; 123 $_quit = false; 124 $_basic_auth_header = ''; 125 $_basic_auth_realm = ''; 126 $_auth_creds = array(); 127 $_response_body = ''; 128 129 // 130 // FUNCTION DECLARATIONS 131 // 132 133 function show_report($data) 134 { 135 include $data['which'] . '.inc.php'; 136 exit(0); 137 } 138 139 function add_cookie($name, $value, $expires = 0) 140 { 141 return rawurlencode(rawurlencode($name)) . '=' . rawurlencode(rawurlencode($value)) . (empty($expires) ? '' : '; expires=' . gmdate('D, d-M-Y H:i:s \G\M\T', $expires)) . '; path=/; domain=.' . $GLOBALS['_http_host']; 142 } 143 144 function set_post_vars($array, $parent_key = null) 145 { 146 $temp = array(); 147 148 foreach ($array as $key => $value) 149 { 150 $key = isset($parent_key) ? sprintf('%s[%s]', $parent_key, urlencode($key)) : urlencode($key); 151 if (is_array($value)) 152 { 153 $temp = array_merge($temp, set_post_vars($value, $key)); 154 } 155 else 156 { 157 $temp[$key] = urlencode($value); 158 } 159 } 160 161 return $temp; 162 } 163 164 function set_post_files($array, $parent_key = null) 165 { 166 $temp = array(); 167 168 foreach ($array as $key => $value) 169 { 170 $key = isset($parent_key) ? sprintf('%s[%s]', $parent_key, urlencode($key)) : urlencode($key); 171 if (is_array($value)) 172 { 173 $temp = array_merge_recursive($temp, set_post_files($value, $key)); 174 } 175 else if (preg_match('#^([^\[\]]+)\[(name|type|tmp_name)\]#', $key, $m)) 176 { 177 $temp[str_replace($m[0], $m[1], $key)][$m[2]] = $value; 178 } 179 } 180 181 return $temp; 182 } 183 184 function url_parse($url, & $container) 185 { 186 $temp = @parse_url($url); 187 188 if (!empty($temp)) 189 { 190 $temp['port_ext'] = ''; 191 $temp['base'] = $temp['scheme'] . '://' . $temp['host']; 192 193 if (isset($temp['port'])) 194 { 195 $temp['base'] .= $temp['port_ext'] = ':' . $temp['port']; 196 } 197 else 198 { 199 $temp['port'] = $temp['scheme'] === 'https' ? 443 : 80; 200 } 201 202 $temp['path'] = isset($temp['path']) ? $temp['path'] : '/'; 203 $path = array(); 204 $temp['path'] = explode('/', $temp['path']); 205 206 foreach ($temp['path'] as $dir) 207 { 208 if ($dir === '..') 209 { 210 array_pop($path); 211 } 212 else if ($dir !== '.') 213 { 214 for ($dir = rawurldecode($dir), $new_dir = '', $i = 0, $count_i = strlen($dir); $i < $count_i; $new_dir .= strspn($dir{$i}, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789$-_.+!*\'(),?:@&;=') ? $dir{$i} : rawurlencode($dir{$i}), ++$i); 215 $path[] = $new_dir; 216 } 217 } 218 219 $temp['path'] = str_replace('/%7E', '/~', '/' . ltrim(implode('/', $path), '/')); 220 $temp['file'] = substr($temp['path'], strrpos($temp['path'], '/')+1); 221 $temp['dir'] = substr($temp['path'], 0, strrpos($temp['path'], '/')); 222 $temp['base'] .= $temp['dir']; 223 $temp['prev_dir'] = substr_count($temp['path'], '/') > 1 ? substr($temp['base'], 0, strrpos($temp['base'], '/')+1) : $temp['base'] . '/'; 224 $container = $temp; 225 226 return true; 227 } 228 229 return false; 230 } 231 232 function complete_url($url, $proxify = true) 233 { 234 $url = trim($url); 235 236 if ($url === '') 237 { 238 return ''; 239 } 240 241 $hash_pos = strrpos($url, '#'); 242 $fragment = $hash_pos !== false ? '#' . substr($url, $hash_pos) : ''; 243 $sep_pos = strpos($url, '://'); 244 245 if ($sep_pos === false || $sep_pos > 5) 246 { 247 switch ($url{0}) 248 { 249 case '/': 250 $url = substr($url, 0, 2) === '//' ? $GLOBALS['_base']['scheme'] . ':' . $url : $GLOBALS['_base']['scheme'] . '://' . $GLOBALS['_base']['host'] . $GLOBALS['_base']['port_ext'] . $url; 251 break; 252 case '?': 253 $url = $GLOBALS['_base']['base'] . '/' . $GLOBALS['_base']['file'] . $url; 254 break; 255 case '#': 256 $proxify = false; 257 break; 258 case 'm': 259 if (substr($url, 0, 7) == 'mailto:') 260 { 261 $proxify = false; 262 break; 263 } 264 default: 265 $url = $GLOBALS['_base']['base'] . '/' . $url; 266 } 267 } 268 269 return $proxify ? "{$GLOBALS['_script_url']}?{$GLOBALS['_config']['url_var_name']}=" . encode_url($url) . $fragment : $url; 270 } 271 272 function proxify_inline_css($css) 273 { 274 preg_match_all('#url\s*\(\s*(([^)]*(\\\))*[^)]*)(\)|$)?#i', $css, $matches, PREG_SET_ORDER); 275 276 for ($i = 0, $count = count($matches); $i < $count; ++$i) 277 { 278 $css = str_replace($matches[$i][0], 'url(' . proxify_css_url($matches[$i][1]) . ')', $css); 279 } 280 281 return $css; 282 } 283 284 function proxify_css($css) 285 { 286 $css = proxify_inline_css($css); 287 288 preg_match_all("#@import\s*(?:\"([^\">]*)\"?|'([^'>]*)'?)([^;]*)(;|$)#i", $css, $matches, PREG_SET_ORDER); 289 290 for ($i = 0, $count = count($matches); $i < $count; ++$i) 291 { 292 $delim = '"'; 293 $url = $matches[$i][2]; 294 295 if (isset($matches[$i][3])) 296 { 297 $delim = "'"; 298 $url = $matches[$i][3]; 299 } 300 301 $css = str_replace($matches[$i][0], '@import ' . $delim . proxify_css_url($matches[$i][1]) . $delim . (isset($matches[$i][4]) ? $matches[$i][4] : ''), $css); 302 } 303 304 return $css; 305 } 306 307 function proxify_css_url($url) 308 { 309 $url = trim($url); 310 $delim = strpos($url, '"') === 0 ? '"' : (strpos($url, "'") === 0 ? "'" : ''); 311 312 return $delim . preg_replace('#([\(\),\s\'"\\\])#', '\\$1', complete_url(trim(preg_replace('#\\\(.)#', '$1', trim($url, $delim))))) . $delim; 313 } 314 315 // 316 // SET FLAGS 317 // 318 319 if (isset($_POST[$_config['url_var_name']]) && !isset($_GET[$_config['url_var_name']]) && isset($_POST[$_config['flags_var_name']])) 320 { 321 foreach ($_flags as $flag_name => $flag_value) 322 { 323 $_iflags .= isset($_POST[$_config['flags_var_name']][$flag_name]) ? (string)(int)(bool)$_POST[$_config['flags_var_name']][$flag_name] : ($_frozen_flags[$flag_name] ? $flag_value : '0'); 324 } 325 326 $_iflags = base_convert(($_iflags != '' ? $_iflags : '0'), 2, 16); 327 } 328 else if (isset($_GET[$_config['flags_var_name']]) && !isset($_GET[$_config['get_form_name']]) && ctype_alnum($_GET[$_config['flags_var_name']])) 329 { 330 $_iflags = $_GET[$_config['flags_var_name']]; 331 } 332 else if (isset($_COOKIE['flags']) && ctype_alnum($_COOKIE['flags'])) 333 { 334 $_iflags = $_COOKIE['flags']; 335 } 336 337 if ($_iflags !== '') 338 { 339 $_set_cookie[] = add_cookie('flags', $_iflags, time()+2419200); 340 $_iflags = str_pad(base_convert($_iflags, 16, 2), count($_flags), '0', STR_PAD_LEFT); 341 $i = 0; 342 343 foreach ($_flags as $flag_name => $flag_value) 344 { 345 $_flags[$flag_name] = $_frozen_flags[$flag_name] ? $flag_value : (int)(bool)$_iflags{$i}; 346 $i++; 347 } 348 } 349 350 // 351 // DETERMINE URL-ENCODING BASED ON FLAGS 352 // 353 354 if ($_flags['rotate13']) 355 { 356 function encode_url($url) 357 { 358 return rawurlencode(str_rot13($url)); 359 } 360 function decode_url($url) 361 { 362 return str_replace(array('&', '&'), '&', str_rot13(rawurldecode($url))); 363 } 364 } 365 else if ($_flags['base64_encode']) 366 { 367 function encode_url($url) 368 { 369 return rawurlencode(base64_encode($url)); 370 } 371 function decode_url($url) 372 { 373 return str_replace(array('&', '&'), '&', base64_decode(rawurldecode($url))); 374 } 375 } 376 else 377 { 378 function encode_url($url) 379 { 380 return rawurlencode($url); 381 } 382 function decode_url($url) 383 { 384 return str_replace(array('&', '&'), '&', rawurldecode($url)); 385 } 386 } 387 388 // 389 // COMPRESS OUTPUT IF INSTRUCTED 390 // 391 392 if ($_config['compress_output'] && $_system['gzip']) 393 { 394 ob_start('ob_gzhandler'); 395 } 396 397 // 398 // STRIP SLASHES FROM GPC IF NECESSARY 399 // 400 401 if ($_system['stripslashes']) 402 { 403 function _stripslashes($value) 404 { 405 return is_array($value) ? array_map('_stripslashes', $value) : (is_string($value) ? stripslashes($value) : $value); 406 } 407 408 $_GET = _stripslashes($_GET); 409 $_POST = _stripslashes($_POST); 410 $_COOKIE = _stripslashes($_COOKIE); 411 } 412 413 // 414 // FIGURE OUT WHAT TO DO (POST URL-form submit, GET form request, regular request, basic auth, cookie manager, show URL-form) 415 // 416 417 if (isset($_POST[$_config['url_var_name']]) && !isset($_GET[$_config['url_var_name']])) 418 { 419 header('Location: ' . $_script_url . '?' . $_config['url_var_name'] . '=' . encode_url($_POST[$_config['url_var_name']]) . '&' . $_config['flags_var_name'] . '=' . base_convert($_iflags, 2, 16)); 420 exit(0); 421 } 422 423 if (isset($_GET[$_config['get_form_name']])) 424 { 425 $_url = decode_url($_GET[$_config['get_form_name']]); 426 $qstr = strpos($_url, '?') !== false ? (strpos($_url, '?') === strlen($_url)-1 ? '' : '&') : '?'; 427 $arr = explode('&', $_SERVER['QUERY_STRING']); 428 429 if (preg_match('#^\Q' . $_config['get_form_name'] . '\E#', $arr[0])) 430 { 431 array_shift($arr); 432 } 433 434 $_url .= $qstr . implode('&', $arr); 435 } 436 else if (isset($_GET[$_config['url_var_name']])) 437 { 438 $_url = decode_url($_GET[$_config['url_var_name']]); 439 } 440 else if (isset($_GET['action']) && $_GET['action'] == 'cookies') 441 { 442 show_report(array('which' => 'cookies')); 443 } 444 else 445 { 446 show_report(array('which' => 'index', 'category' => 'entry_form')); 447 } 448 449 if (isset($_GET[$_config['url_var_name']], $_POST[$_config['basic_auth_var_name']], $_POST['username'], $_POST['password'])) 450 { 451 $_request_method = 'GET'; 452 $_basic_auth_realm = base64_decode($_POST[$_config['basic_auth_var_name']]); 453 $_basic_auth_header = base64_encode($_POST['username'] . ':' . $_POST['password']); 454 } 455 456 // 457 // SET URL 458 // 459 460 if (strpos($_url, '://') === false) 461 { 462 $_url = 'http://' . $_url; 463 } 464 465 if (url_parse($_url, $_url_parts)) 466 { 467 $_base = $_url_parts; 468 469 if (!empty($_hosts)) 470 { 471 foreach ($_hosts as $host) 472 { 473 if (preg_match($host, $_url_parts['host'])) 474 { 475 show_report(array('which' => 'index', 'category' => 'error', 'group' => 'url', 'type' => 'external', 'error' => 1)); 476 } 477 } 478 } 479 } 480 else 481 { 482 show_report(array('which' => 'index', 'category' => 'error', 'group' => 'url', 'type' => 'external', 'error' => 2)); 483 } 484 485 // 486 // HOTLINKING PREVENTION 487 // 488 489 if (!$_config['allow_hotlinking'] && isset($_SERVER['HTTP_REFERER'])) 490 { 491 $_hotlink_domains[] = $_http_host; 492 $is_hotlinking = true; 493 494 foreach ($_hotlink_domains as $host) 495 { 496 if (preg_match('#^https?\:\/\/(www)?\Q' . $host . '\E(\/|\:|$)#i', trim($_SERVER['HTTP_REFERER']))) 497 { 498 $is_hotlinking = false; 499 break; 500 } 501 } 502 503 if ($is_hotlinking) 504 { 505 switch ($_config['upon_hotlink']) 506 { 507 case 1: 508 show_report(array('which' => 'index', 'category' => 'error', 'group' => 'resource', 'type' => 'hotlinking')); 509 break; 510 case 2: 511 header('HTTP/1.0 404 Not Found'); 512 exit(0); 513 default: 514 header('Location: ' . $_config['upon_hotlink']); 515 exit(0); 516 } 517 } 518 } 519 520 // 521 // OPEN SOCKET TO SERVER 522 // 523 524 do 525 { 526 $_retry = false; 527 $_socket = @fsockopen(($_url_parts['scheme'] === 'https' && $_system['ssl'] ? 'ssl://' : 'tcp://') . $_url_parts['host'], $_url_parts['port'], $err_no, $err_str, 30); 528 529 if ($_socket === false) 530 { 531 show_report(array('which' => 'index', 'category' => 'error', 'group' => 'url', 'type' => 'internal', 'error' => $err_no)); 532 } 533 534 // 535 // SET REQUEST HEADERS 536 // 537 538 $_request_headers = $_request_method . ' ' . $_url_parts['path']; 539 540 if (isset($_url_parts['query'])) 541 { 542 $_request_headers .= '?'; 543 $query = preg_split('#([&;])#', $_url_parts['query'], -1, PREG_SPLIT_DELIM_CAPTURE); 544 for ($i = 0, $count = count($query); $i < $count; $_request_headers .= implode('=', array_map('urlencode', array_map('urldecode', explode('=', $query[$i])))) . (isset($query[++$i]) ? $query[$i] : ''), $i++); 545 } 546 547 $_request_headers .= " HTTP/1.0\r\n"; 548 $_request_headers .= 'Host: ' . $_url_parts['host'] . $_url_parts['port_ext'] . "\r\n"; 549 550 if (isset($_SERVER['HTTP_USER_AGENT'])) 551 { 552 $_request_headers .= 'User-Agent: ' . $_SERVER['HTTP_USER_AGENT'] . "\r\n"; 553 } 554 if (isset($_SERVER['HTTP_ACCEPT'])) 555 { 556 $_request_headers .= 'Accept: ' . $_SERVER['HTTP_ACCEPT'] . "\r\n"; 557 } 558 else 559 { 560 $_request_headers .= "Accept: */*;q=0.1\r\n"; 561 } 562 if ($_flags['show_referer'] && isset($_SERVER['HTTP_REFERER']) && preg_match('#^\Q' . $_script_url . '?' . $_config['url_var_name'] . '=\E([^&]+)#', $_SERVER['HTTP_REFERER'], $matches)) 563 { 564 $_request_headers .= 'Referer: ' . decode_url($matches[1]) . "\r\n"; 565 } 566 if (!empty($_COOKIE)) 567 { 568 $_cookie = ''; 569 $_auth_creds = array(); 570 571 foreach ($_COOKIE as $cookie_id => $cookie_content) 572 { 573 $cookie_id = explode(';', rawurldecode($cookie_id)); 574 $cookie_content = explode(';', rawurldecode($cookie_content)); 575 576 if ($cookie_id[0] === 'COOKIE') 577 { 578 $cookie_id[3] = str_replace('_', '.', $cookie_id[3]); //stupid PHP can't have dots in var names 579 580 if (count($cookie_id) < 4 || ($cookie_content[1] == 'secure' && $_url_parts['scheme'] != 'https')) 581 { 582 continue; 583 } 584 585 if ((preg_match('#\Q' . $cookie_id[3] . '\E$#i', $_url_parts['host']) || strtolower($cookie_id[3]) == strtolower('.' . $_url_parts['host'])) && preg_match('#^\Q' . $cookie_id[2] . '\E#', $_url_parts['path'])) 586 { 587 $_cookie .= ($_cookie != '' ? '; ' : '') . (empty($cookie_id[1]) ? '' : $cookie_id[1] . '=') . $cookie_content[0]; 588 } 589 } 590 else if ($cookie_id[0] === 'AUTH' && count($cookie_id) === 3) 591 { 592 $cookie_id[2] = str_replace('_', '.', $cookie_id[2]); 593 594 if ($_url_parts['host'] . ':' . $_url_parts['port'] === $cookie_id[2]) 595 { 596 $_auth_creds[$cookie_id[1]] = $cookie_content[0]; 597 } 598 } 599 } 600 601 if ($_cookie != '') 602 { 603 $_request_headers .= "Cookie: $_cookie\r\n"; 604 } 605 } 606 if (isset($_url_parts['user'], $_url_parts['pass'])) 607 { 608 $_basic_auth_header = base64_encode($_url_parts['user'] . ':' . $_url_parts['pass']); 609 } 610 if (!empty($_basic_auth_header)) 611 { 612 $_set_cookie[] = add_cookie("AUTH;{$_basic_auth_realm};{$_url_parts['host']}:{$_url_parts['port']}", $_basic_auth_header); 613 $_request_headers .= "Authorization: Basic {$_basic_auth_header}\r\n"; 614 } 615 else if (!empty($_basic_auth_realm) && isset($_auth_creds[$_basic_auth_realm])) 616 { 617 $_request_headers .= "Authorization: Basic {$_auth_creds[$_basic_auth_realm]}\r\n"; 618 } 619 else if (list($_basic_auth_realm, $_basic_auth_header) = each($_auth_creds)) 620 { 621 $_request_headers .= "Authorization: Basic {$_basic_auth_header}\r\n"; 622 } 623 if ($_request_method == 'POST') 624 { 625 if (!empty($_FILES) && $_system['uploads']) 626 { 627 $_data_boundary = '----' . md5(uniqid(rand(), true)); 628 $array = set_post_vars($_POST); 629 630 foreach ($array as $key => $value) 631 { 632 $_post_body .= "--{$_data_boundary}\r\n"; 633 $_post_body .= "Content-Disposition: form-data; name=\"$key\"\r\n\r\n"; 634 $_post_body .= urldecode($value) . "\r\n"; 635 } 636 637 $array = set_post_files($_FILES); 638 639 foreach ($array as $key => $file_info) 640 { 641 $_post_body .= "--{$_data_boundary}\r\n"; 642 $_post_body .= "Content-Disposition: form-data; name=\"$key\"; filename=\"{$file_info['name']}\"\r\n"; 643 $_post_body .= 'Content-Type: ' . (empty($file_info['type']) ? 'application/octet-stream' : $file_info['type']) . "\r\n\r\n"; 644 645 if (is_readable($file_info['tmp_name'])) 646 { 647 $handle = fopen($file_info['tmp_name'], 'rb'); 648 $_post_body .= fread($handle, filesize($file_info['tmp_name'])); 649 fclose($handle); 650 } 651 652 $_post_body .= "\r\n"; 653 } 654 655 $_post_body .= "--{$_data_boundary}--\r\n"; 656 $_request_headers .= "Content-Type: multipart/form-data; boundary={$_data_boundary}\r\n"; 657 $_request_headers .= "Content-Length: " . strlen($_post_body) . "\r\n\r\n"; 658 $_request_headers .= $_post_body; 659 } 660 else 661 { 662 $array = set_post_vars($_POST); 663 664 foreach ($array as $key => $value) 665 { 666 $_post_body .= !empty($_post_body) ? '&' : ''; 667 $_post_body .= $key . '=' . $value; 668 } 669 $_request_headers .= "Content-Type: application/x-www-form-urlencoded\r\n"; 670 $_request_headers .= "Content-Length: " . strlen($_post_body) . "\r\n\r\n"; 671 $_request_headers .= $_post_body; 672 $_request_headers .= "\r\n"; 673 } 674 675 $_post_body = ''; 676 } 677 else 678 { 679 $_request_headers .= "\r\n"; 680 } 681 682 fwrite($_socket, $_request_headers); 683 684 // 685 // PROCESS RESPONSE HEADERS 686 // 687 688 $_response_headers = $_response_keys = array(); 689 690 $line = fgets($_socket, 8192); 691 692 while (strspn($line, "\r\n") !== strlen($line)) 693 { 694 @list($name, $value) = explode(':', $line, 2); 695 $name = trim($name); 696 $_response_headers[strtolower($name)][] = trim($value); 697 $_response_keys[strtolower($name)] = $name; 698 $line = fgets($_socket, 8192); 699 } 700 701 sscanf(current($_response_keys), '%s %s', $_http_version, $_response_code); 702 703 if (isset($_response_headers['content-type'])) 704 { 705 list($_content_type, ) = explode(';', str_replace(' ', '', strtolower($_response_headers['content-type'][0])), 2); 706 } 707 if (isset($_response_headers['content-length'])) 708 { 709 $_content_length = $_response_headers['content-length'][0]; 710 unset($_response_headers['content-length'], $_response_keys['content-length']); 711 } 712 if (isset($_response_headers['content-disposition'])) 713 { 714 $_content_disp = $_response_headers['content-disposition'][0]; 715 unset($_response_headers['content-disposition'], $_response_keys['content-disposition']); 716 } 717 if (isset($_response_headers['set-cookie']) && $_flags['accept_cookies']) 718 { 719 foreach ($_response_headers['set-cookie'] as $cookie) 720 { 721 $name = $value = $expires = $path = $domain = $secure = $expires_time = ''; 722 723 preg_match('#^\s*([^=;,\s]*)\s*=?\s*([^;]*)#', $cookie, $match) && list(, $name, $value) = $match; 724 preg_match('#;\s*expires\s*=\s*([^;]*)#i', $cookie, $match) && list(, $expires) = $match; 725 preg_match('#;\s*path\s*=\s*([^;,\s]*)#i', $cookie, $match) && list(, $path) = $match; 726 preg_match('#;\s*domain\s*=\s*([^;,\s]*)#i', $cookie, $match) && list(, $domain) = $match; 727 preg_match('#;\s*(secure\b)#i', $cookie, $match) && list(, $secure) = $match; 728 729 $expires_time = empty($expires) ? 0 : intval(@strtotime($expires)); 730 $expires = ($_flags['session_cookies'] && !empty($expires) && time()-$expires_time < 0) ? '' : $expires; 731 $path = empty($path) ? '/' : $path; 732 733 if (empty($domain)) 734 { 735 $domain = $_url_parts['host']; 736 } 737 else 738 { 739 $domain = '.' . strtolower(str_replace('..', '.', trim($domain, '.'))); 740 741 if ((!preg_match('#\Q' . $domain . '\E$#i', $_url_parts['host']) && $domain != '.' . $_url_parts['host']) || (substr_count($domain, '.') < 2 && $domain{0} == '.')) 742 { 743 continue; 744 } 745 } 746 if (count($_COOKIE) >= 15 && time()-$expires_time <= 0) 747 { 748 $_set_cookie[] = add_cookie(current($_COOKIE), '', 1); 749 } 750 751 $_set_cookie[] = add_cookie("COOKIE;$name;$path;$domain", "$value;$secure", $expires_time); 752 } 753 } 754 if (isset($_response_headers['set-cookie'])) 755 { 756 unset($_response_headers['set-cookie'], $_response_keys['set-cookie']); 757 } 758 if (!empty($_set_cookie)) 759 { 760 $_response_keys['set-cookie'] = 'Set-Cookie'; 761 $_response_headers['set-cookie'] = $_set_cookie; 762 } 763 if (isset($_response_headers['p3p']) && preg_match('#policyref\s*=\s*[\'"]?([^\'"\s]*)[\'"]?#i', $_response_headers['p3p'][0], $matches)) 764 { 765 $_response_headers['p3p'][0] = str_replace($matches[0], 'policyref="' . complete_url($matches[1]) . '"', $_response_headers['p3p'][0]); 766 } 767 if (isset($_response_headers['refresh']) && preg_match('#([0-9\s]*;\s*URL\s*=)\s*(\S*)#i', $_response_headers['refresh'][0], $matches)) 768 { 769 $_response_headers['refresh'][0] = $matches[1] . complete_url($matches[2]); 770 } 771 if (isset($_response_headers['location'])) 772 { 773 $_response_headers['location'][0] = complete_url($_response_headers['location'][0]); 774 } 775 if (isset($_response_headers['uri'])) 776 { 777 $_response_headers['uri'][0] = complete_url($_response_headers['uri'][0]); 778 } 779 if (isset($_response_headers['content-location'])) 780 { 781 $_response_headers['content-location'][0] = complete_url($_response_headers['content-location'][0]); 782 } 783 if (isset($_response_headers['connection'])) 784 { 785 unset($_response_headers['connection'], $_response_keys['connection']); 786 } 787 if (isset($_response_headers['keep-alive'])) 788 { 789 unset($_response_headers['keep-alive'], $_response_keys['keep-alive']); 790 } 791 if ($_response_code == 401 && isset($_response_headers['www-authenticate']) && preg_match('#basic\s+(?:realm="(.*?)")?#i', $_response_headers['www-authenticate'][0], $matches)) 792 { 793 if (isset($_auth_creds[$matches[1]]) && !$_quit) 794 { 795 $_basic_auth_realm = $matches[1]; 796 $_basic_auth_header = ''; 797 $_retry = $_quit = true; 798 } 799 else 800 { 801 show_report(array('which' => 'index', 'category' => 'auth', 'realm' => $matches[1])); 802 } 803 } 804 } 805 while ($_retry); 806 807 // 808 // OUTPUT RESPONSE IF NO PROXIFICATION IS NEEDED 809 // 810 811 if (!isset($_proxify[$_content_type])) 812 { 813 @set_time_limit(0); 814 815 $_response_keys['content-disposition'] = 'Content-Disposition'; 816 $_response_headers['content-disposition'][0] = empty($_content_disp) ? ($_content_type == 'application/octet_stream' ? 'attachment' : 'inline') . '; filename="' . $_url_parts['file'] . '"' : $_content_disp; 817 818 if ($_content_length !== false) 819 { 820 if ($_config['max_file_size'] != -1 && $_content_length > $_config['max_file_size']) 821 { 822 show_report(array('which' => 'index', 'category' => 'error', 'group' => 'resource', 'type' => 'file_size')); 823 } 824 825 $_response_keys['content-length'] = 'Content-Length'; 826 $_response_headers['content-length'][0] = $_content_length; 827 } 828 829 $_response_headers = array_filter($_response_headers); 830 $_response_keys = array_filter($_response_keys); 831 832 header(array_shift($_response_keys)); 833 array_shift($_response_headers); 834 835 foreach ($_response_headers as $name => $array) 836 { 837 foreach ($array as $value) 838 { 839 header($_response_keys[$name] . ': ' . $value, false); 840 } 841 } 842 843 do 844 { 845 $data = fread($_socket, 8192); 846 echo $data; 847 } 848 while (isset($data{0})); 849 850 fclose($_socket); 851 exit(0); 852 } 853 854 do 855 { 856 $data = @fread($_socket, 8192); // silenced to avoid the "normal" warning by a faulty SSL connection 857 $_response_body .= $data; 858 } 859 while (isset($data{0})); 860 861 unset($data); 862 fclose($_socket); 863 864 // 865 // MODIFY AND DUMP RESOURCE 866 // 867 868 if ($_content_type == 'text/css') 869 { 870 $_response_body = proxify_css($_response_body); 871 } 872 else 873 { 874 if ($_flags['strip_title']) 875 { 876 $_response_body = preg_replace('#(<\s*title[^>]*>)(.*?)(<\s*/title[^>]*>)#is', '$1$3', $_response_body); 877 } 878 if ($_flags['remove_scripts']) 879 { 880 $_response_body = preg_replace('#<\s*script[^>]*?>.*?<\s*/\s*script\s*>#si', '', $_response_body); 881 $_response_body = preg_replace("#(\bon[a-z]+)\s*=\s*(?:\"([^\"]*)\"?|'([^']*)'?|([^'\"\s>]*))?#i", '', $_response_body); 882 $_response_body = preg_replace('#<noscript>(.*?)</noscript>#si', "$1", $_response_body); 883 } 884 if (!$_flags['show_images']) 885 { 886 $_response_body = preg_replace('#<(img|image)[^>]*?>#si', '', $_response_body); 887 } 888 889 // 890 // PROXIFY HTML RESOURCE 891 // 892 893 $tags = array 894 ( 895 'a' => array('href'), 896 'img' => array('src', 'longdesc'), 897 'image' => array('src', 'longdesc'), 898 'body' => array('background'), 899 'base' => array('href'), 900 'frame' => array('src', 'longdesc'), 901 'iframe' => array('src', 'longdesc'), 902 'head' => array('profile'), 903 'layer' => array('src'), 904 'input' => array('src', 'usemap'), 905 'form' => array('action'), 906 'area' => array('href'), 907 'link' => array('href', 'src', 'urn'), 908 'meta' => array('content'), 909 'param' => array('value'), 910 'applet' => array('codebase', 'code', 'object', 'archive'), 911 'object' => array('usermap', 'codebase', 'classid', 'archive', 'data'), 912 'script' => array('src'), 913 'select' => array('src'), 914 'hr' => array('src'), 915 'table' => array('background'), 916 'tr' => array('background'), 917 'th' => array('background'), 918 'td' => array('background'), 919 'bgsound' => array('src'), 920 'blockquote' => array('cite'), 921 'del' => array('cite'), 922 'embed' => array('src'), 923 'fig' => array('src', 'imagemap'), 924 'ilayer' => array('src'), 925 'ins' => array('cite'), 926 'note' => array('src'), 927 'overlay' => array('src', 'imagemap'), 928 'q' => array('cite'), 929 'ul' => array('src') 930 ); 931 932 preg_match_all('#(<\s*style[^>]*>)(.*?)(<\s*/\s*style[^>]*>)#is', $_response_body, $matches, PREG_SET_ORDER); 933 934 for ($i = 0, $count_i = count($matches); $i < $count_i; ++$i) 935 { 936 $_response_body = str_replace($matches[$i][0], $matches[$i][1]. proxify_css($matches[$i][2]) .$matches[$i][3], $_response_body); 937 } 938 939 preg_match_all("#<\s*([a-zA-Z\?-]+)([^>]+)>#S", $_response_body, $matches); 940 941 for ($i = 0, $count_i = count($matches[0]); $i < $count_i; ++$i) 942 { 943 if (!preg_match_all("#([a-zA-Z\-\/]+)\s*(?:=\s*(?:\"([^\">]*)\"?|'([^'>]*)'?|([^'\"\s]*)))?#S", $matches[2][$i], $m, PREG_SET_ORDER)) 944 { 945 continue; 946 } 947 948 $rebuild = false; 949 $extra_html = $temp = ''; 950 $attrs = array(); 951 952 for ($j = 0, $count_j = count($m); $j < $count_j; $attrs[strtolower($m[$j][1])] = (isset($m[$j][4]) ? $m[$j][4] : (isset($m[$j][3]) ? $m[$j][3] : (isset($m[$j][2]) ? $m[$j][2] : false))), ++$j); 953 954 if (isset($attrs['style'])) 955 { 956 $rebuild = true; 957 $attrs['style'] = proxify_inline_css($attrs['style']); 958 } 959 960 $tag = strtolower($matches[1][$i]); 961 962 if (isset($tags[$tag])) 963 { 964 switch ($tag) 965 { 966 case 'a': 967 if (isset($attrs['href'])) 968 { 969 $rebuild = true; 970 $attrs['href'] = complete_url($attrs['href']); 971 } 972 break; 973 case 'img': 974 if (isset($attrs['src'])) 975 { 976 $rebuild = true; 977 $attrs['src'] = complete_url($attrs['src']); 978 } 979 if (isset($attrs['longdesc'])) 980 { 981 $rebuild = true; 982 $attrs['longdesc'] = complete_url($attrs['longdesc']); 983 } 984 break; 985 case 'form': 986 if (isset($attrs['action'])) 987 { 988 $rebuild = true; 989 990 if (trim($attrs['action']) === '') 991 { 992 $attrs['action'] = $_url_parts['path']; 993 } 994 if (!isset($attrs['method']) || strtolower(trim($attrs['method'])) === 'get') 995 { 996 $extra_html = '<input type="hidden" name="' . $_config['get_form_name'] . '" value="' . encode_url(complete_url($attrs['action'], false)) . '" />'; 997 $attrs['action'] = ''; 998 break; 999 } 1000 1001 $attrs['action'] = complete_url($attrs['action']); 1002 } 1003 break; 1004 case 'base': 1005 if (isset($attrs['href'])) 1006 { 1007 $rebuild = true; 1008 url_parse($attrs['href'], $_base); 1009 $attrs['href'] = complete_url($attrs['href']); 1010 } 1011 break; 1012 case 'meta': 1013 if ($_flags['strip_meta'] && isset($attrs['name'])) 1014 { 1015 $_response_body = str_replace($matches[0][$i], '', $_response_body); 1016 } 1017 if (isset($attrs['http-equiv'], $attrs['content']) && preg_match('#\s*refresh\s*#i', $attrs['http-equiv'])) 1018 { 1019 if (preg_match('#^(\s*[0-9]*\s*;\s*url=)(.*)#i', $attrs['content'], $content)) 1020 { 1021 $rebuild = true; 1022 $attrs['content'] = $content[1] . complete_url(trim($content[2], '"\'')); 1023 } 1024 } 1025 break; 1026 case 'head': 1027 if (isset($attrs['profile'])) 1028 { 1029 $rebuild = true; 1030 $attrs['profile'] = implode(' ', array_map('complete_url', explode(' ', $attrs['profile']))); 1031 } 1032 break; 1033 case 'applet': 1034 if (isset($attrs['codebase'])) 1035 { 1036 $rebuild = true; 1037 $temp = $_base; 1038 url_parse(complete_url(rtrim($attrs['codebase'], '/') . '/', false), $_base); 1039 unset($attrs['codebase']); 1040 } 1041 if (isset($attrs['code']) && strpos($attrs['code'], '/') !== false) 1042 { 1043 $rebuild = true; 1044 $attrs['code'] = complete_url($attrs['code']); 1045 } 1046 if (isset($attrs['object'])) 1047 { 1048 $rebuild = true; 1049 $attrs['object'] = complete_url($attrs['object']); 1050 } 1051 if (isset($attrs['archive'])) 1052 { 1053 $rebuild = true; 1054 $attrs['archive'] = implode(',', array_map('complete_url', preg_split('#\s*,\s*#', $attrs['archive']))); 1055 } 1056 if (!empty($temp)) 1057 { 1058 $_base = $temp; 1059 } 1060 break; 1061 case 'object': 1062 if (isset($attrs['usemap'])) 1063 { 1064 $rebuild = true; 1065 $attrs['usemap'] = complete_url($attrs['usemap']); 1066 } 1067 if (isset($attrs['codebase'])) 1068 { 1069 $rebuild = true; 1070 $temp = $_base; 1071 url_parse(complete_url(rtrim($attrs['codebase'], '/') . '/', false), $_base); 1072 unset($attrs['codebase']); 1073 } 1074 if (isset($attrs['data'])) 1075 { 1076 $rebuild = true; 1077 $attrs['data'] = complete_url($attrs['data']); 1078 } 1079 if (isset($attrs['classid']) && !preg_match('#^clsid:#i', $attrs['classid'])) 1080 { 1081 $rebuild = true; 1082 $attrs['classid'] = complete_url($attrs['classid']); 1083 } 1084 if (isset($attrs['archive'])) 1085 { 1086 $rebuild = true; 1087 $attrs['archive'] = implode(' ', array_map('complete_url', explode(' ', $attrs['archive']))); 1088 } 1089 if (!empty($temp)) 1090 { 1091 $_base = $temp; 1092 } 1093 break; 1094 case 'param': 1095 if (isset($attrs['valuetype'], $attrs['value']) && strtolower($attrs['valuetype']) == 'ref' && preg_match('#^[\w.+-]+://#', $attrs['value'])) 1096 { 1097 $rebuild = true; 1098 $attrs['value'] = complete_url($attrs['value']); 1099 } 1100 break; 1101 case 'frame': 1102 case 'iframe': 1103 if (isset($attrs['src'])) 1104 { 1105 $rebuild = true; 1106 $attrs['src'] = complete_url($attrs['src']) . '&nf=1'; 1107 } 1108 if (isset($attrs['longdesc'])) 1109 { 1110 $rebuild = true; 1111 $attrs['longdesc'] = complete_url($attrs['longdesc']); 1112 } 1113 break; 1114 default: 1115 foreach ($tags[$tag] as $attr) 1116 { 1117 if (isset($attrs[$attr])) 1118 { 1119 $rebuild = true; 1120 $attrs[$attr] = complete_url($attrs[$attr]); 1121 } 1122 } 1123 break; 1124 } 1125 } 1126 1127 if ($rebuild) 1128 { 1129 $new_tag = "<$tag"; 1130 foreach ($attrs as $name => $value) 1131 { 1132 $delim = strpos($value, '"') && !strpos($value, "'") ? "'" : '"'; 1133 $new_tag .= ' ' . $name . ($value !== false ? '=' . $delim . $value . $delim : ''); 1134 } 1135 1136 $_response_body = str_replace($matches[0][$i], $new_tag . '>' . $extra_html, $_response_body); 1137 } 1138 } 1139 1140 if ($_flags['include_form'] && !isset($_GET['nf'])) 1141 { 1142 $_url_form = '<div style="width:100%;margin:0;text-align:center;border-bottom:1px solid #725554;color:#000000;background-color:#F2FDF3;font-size:12px;font-weight:bold;font-family:Bitstream Vera Sans,arial,sans-serif;padding:4px;">' 1143 . '<form method="post" action="' . $_script_url . '">' 1144 . ' <label for="____' . $_config['url_var_name'] . '"><a href="' . $_url . '">Address</a>:</label> <input id="____' . $_config['url_var_name'] . '" type="text" size="80" name="' . $_config['url_var_name'] . '" value="' . $_url . '" />' 1145 . ' <input type="submit" name="go" value="Go" />' 1146 . ' [go: <a href="' . $_script_url . '?' . $_config['url_var_name'] . '=' . encode_url($_url_parts['prev_dir']) .' ">up one dir</a>, <a href="' . $_script_base . '">main page</a>]' 1147 . '<br /><hr />'; 1148 1149 foreach ($_flags as $flag_name => $flag_value) 1150 { 1151 if (!$_frozen_flags[$flag_name]) 1152 { 1153 $_url_form .= '<label><input type="checkbox" name="' . $_config['flags_var_name'] . '[' . $flag_name . ']"' . ($flag_value ? ' checked="checked"' : '') . ' /> ' . $_labels[$flag_name][0] . '</label> '; 1154 } 1155 } 1156 1157 $_url_form .= '</form></div>'; 1158 $_response_body = preg_replace('#\<\s*body(.*?)\>#si', "$0\n$_url_form" , $_response_body, 1); 1159 } 1160 } 1161 1162 $_response_keys['content-disposition'] = 'Content-Disposition'; 1163 $_response_headers['content-disposition'][0] = empty($_content_disp) ? ($_content_type == 'application/octet_stream' ? 'attachment' : 'inline') . '; filename="' . $_url_parts['file'] . '"' : $_content_disp; 1164 $_response_keys['content-length'] = 'Content-Length'; 1165 $_response_headers['content-length'][0] = strlen($_response_body); 1166 $_response_headers = array_filter($_response_headers); 1167 $_response_keys = array_filter($_response_keys); 1168 1169 header(array_shift($_response_keys)); 1170 array_shift($_response_headers); 1171 1172 foreach ($_response_headers as $name => $array) 1173 { 1174 foreach ($array as $value) 1175 { 1176 header($_response_keys[$name] . ': ' . $value, false); 1177 } 1178 } 1179 1180 echo $_response_body; 1181 ?>
titre
Description
Corps
titre
Description
Corps
titre
Description
Corps
titre
Corps
| Généré le : Tue Nov 20 19:39:29 2007 | par Balluche grâce à PHPXref 0.7 |
|